On 10/04/2012 03:20 PM, I.S.C. William wrote:
>
>
> 2012/10/4 Tom Eastep <[email protected] <mailto:[email protected]>>
>
> On 10/04/2012 02:49 PM, I.S.C. William wrote:
>
> >
> >
> > Yes but .. what's this attempt, because I worked in another shorewall
> > and in this no, what I want is ...
> >
> > Allow entire LAN to browse secure sites (https), but .. Reject the
> > output of the entire network LAN segments to public IP (NET_LIST)
> on the
> > internet and only have access to these segments MAC addresses are
> > listed, MAC_LIST.
> >
> > I hope I explained better .. thanks ..
>
> REJECT loc:!$MAC_List net:$NET_LIST
> ACCEPT loc net tcp 443
>
>
> So is confirmed, use this rule in the file "rules"
>
> REJECTloc:~00-0E-E8-D6-31-03,~00-0E-E8-D6-31-AAnet:199.59.148.0/22,199.59.149.0/22
> <http://199.59.148.0/22,199.59.149.0/22>tcp443
>
> if it worked, if I use the variable MAC_LIST in file "PARAMS", the rule
> does not work.
>
> Enabled miss something to use variables in PARAMS readable file "rules"?
>
Please send me (privately) a tarball of your /etc/shorewall directory.
Before you create the tarball, please:
shorewall show -f capabilities > /etc/shorewall/caps
Thanks,
-Tom
--
Tom Eastep \ When I die, I want to go like my Grandfather who
Shoreline, \ died peacefully in his sleep. Not screaming like
Washington, USA \ all of the passengers in his car
http://shorewall.net \________________________________________________
------------------------------------------------------------------------------
Don't let slow site performance ruin your business. Deploy New Relic APM
Deploy New Relic app performance management and know exactly
what is happening inside your Ruby, Python, PHP, Java, and .NET app
Try New Relic at no cost today and get our sweet Data Nerd shirt too!
http://p.sf.net/sfu/newrelic-dev2dev
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
